RIPE 87

Moritz Müller - 2023-11-29 08:47:16
Good morning

Ralf Weber - 2023-11-29 08:50:13
Moin!

Andreas Wittkemper - 2023-11-29 08:58:28
Good morning

Robert Kisteleki - 2023-11-29 09:00:22
Good morning everyone, I'm Robert from the RIPE NCC. This chat panel for the DNS Working Group is meant for discussion ONLY. If you have questions for the speaker and you want the session chair to read it out, please write it in the Q&A window also stating your affiliation. Otherwise, you can ask questions using the microphone icon. Please note that all chat transcripts will be archived and made available to the public at https://ripe87.ripe.net/. The RIPE Code of Conduct: https://www.ripe.net/publications/docs/ripe-766.

Tim Wicinski - 2023-11-29 09:03:05
Morning !

Peter Hessler - 2023-11-29 09:04:29
congrats!

Tim Wicinski - 2023-11-29 09:04:45
Congrats !

Peter Hessler - 2023-11-29 09:08:29
is dnssec more or less deployed than ipv6? ;)

Tim Wicinski - 2023-11-29 09:09:56
That sounds like a quick question Peter!

Tim Wicinski - 2023-11-29 09:10:04
trick question

Peter Hessler - 2023-11-29 09:10:16
just trolling :)

Robert Kisteleki - 2023-11-29 09:15:45
the correct link to the RIPE Code of Conduct is https://www.ripe.net/publications/docs/ripe-766 (without the . at the end). Apologies for the typo.

Tim Wicinski - 2023-11-29 09:15:47
DNS trolling is the best trolling

Shane Kerr - 2023-11-29 09:26:55
RFCs are good for software developers? HAHAHAHAHAHAHA!!!

Peter Hessler - 2023-11-29 09:29:25
most users just click "don't care, accept cert"

Peter Hessler - 2023-11-29 09:29:49
that was the key vector in one of the big Bitcoin Wallet hijacks from a couple years ago

Ondrej Caletka - 2023-11-29 09:30:08
What about solving the problem of e-mail delivery? Without DNSSEC, MX can direct your mail anywhere.

Shane Kerr - 2023-11-29 09:30:33
"We have SSL" was already a counter-argument to DNSSEC 20 years ago. :-D

Tim Wicinski - 2023-11-29 09:33:05
"Tim's DNS Towing and Salvage"

Peter Hessler - 2023-11-29 09:33:48
I might be ready for the mic queue now

Shane Kerr - 2023-11-29 09:34:18
"You'll want the extended DNSSEC warranty, as well as the DNS under-hood hardening service, of course..."

Tim Wicinski - 2023-11-29 09:34:53
"I spoke to my manager and we can cut the price of hardening 25%....."

Michael Richardson - 2023-11-29 09:35:05
Jim is right: there is no clear benefit, only risk. And there isn't even avoidance of liability because nobody without DNSSEC has gotten sued yet. Yet, there are actually some savings by having zones that can be copied, rather than served.

Shane Kerr - 2023-11-29 09:35:18
We have ccTLD with more than 50% signed zones. To me it means that we can "solve" the "problem" of DNSSEC authoritative deployment with policy tweaks.

Shane Kerr - 2023-11-29 09:38:34
For example:
https://stats.sidnlabs.nl/en/dnssec.html

Eric Vyncke - 2023-11-29 09:45:19
DELEG what would happen if the information is conflicting with the legacy NS/A/AAAA records ?

Shane Kerr - 2023-11-29 09:45:51
@Eric, presumably an older resolver would use the NS chain, and a newer resolver would use the DELEG chain.

Peter Hessler - 2023-11-29 09:46:29
might be interesting for intentionally testing an NS migration

Peter Hessler - 2023-11-29 09:46:43
or it could be the 2023 version of NS mismatch in parent

Shane Kerr - 2023-11-29 09:46:54
In our service we'd synthesize NS records if a DELEG record existed, but we sign online so have more flexibility than a general-use protocol specification.

Eric Vyncke - 2023-11-29 09:46:57
@Shane my guess indeed, this could lead to interesting operations though. @Peter: indeed

Robert Kisteleki - 2023-11-29 09:47:13
@Eric if you'd like this to be a question to the presenter, please add it to the Q&A

Elmar Bins - 2023-11-29 09:47:35
+1

Tim Wicinski - 2023-11-29 09:50:34
Please pursue this, please try to break things

Shane Kerr - 2023-11-29 09:57:11
60 people in the DNS OARC Mattermost channel

Tim Wicinski - 2023-11-29 09:57:25
DNSOPchair here - start talks in DNSOP but we also think BoF/WG path

Peter Hessler - 2023-11-29 09:57:34
+1

Peter Hessler - 2023-11-29 09:57:49
please don't try to avoid the subject matter experts

Tim Wicinski - 2023-11-29 09:58:32
(that was the chairs' vibes from the working group)

Eric Vyncke - 2023-11-29 10:03:19
@Tim: there could be short-cut for such a BAHG WG

Tim Wicinski - 2023-11-29 10:06:02
+1

Tim Wicinski - 2023-11-29 10:08:52
"Public Resolver"

Tim Wicinski - 2023-11-29 10:09:48
I am also responsible for the RFC typos when doing initial draft.

Michael Richardson - 2023-11-29 10:14:30
There are 53 people in the chat!

Eric Vyncke - 2023-11-29 10:15:26
UDP or TCP ?

Michael Richardson - 2023-11-29 10:15:36
ps: what does BHAG stand for?

Petra Zeidler - 2023-11-29 10:15:49
UDP, clearly :)

Michael Richardson - 2023-11-29 10:16:09
DoQ

Michael Richardson - 2023-11-29 10:16:55
(Q stands for Qoffee)

Eric Vyncke - 2023-11-29 10:17:12


Kazunori Fujiwara - 2023-11-29 10:24:13
Fragmentation avoidance in DNS may be missing

Tim Wicinski - 2023-11-29 10:26:33
sorry for talking so fast but back on time

Elmar Bins - 2023-11-29 10:26:42
Nah...well done :-)

Shane Kerr - 2023-11-29 10:26:45
Well done Tim!

Lars-Johan Liman - 2023-11-29 10:26:57
... AAAND, before DNSEXT and DNSOP there was the DNS WG in the IETF ... which was closed down, because DNS was done ... ;-)

Shane Kerr - 2023-11-29 10:26:57
I really like the breakdown you presented.

Elmar Bins - 2023-11-29 10:27:13
DNS is always done... with you!

Tim Wicinski - 2023-11-29 10:27:25
I missed some documents as Kazunori pointed out

Tim Wicinski - 2023-11-29 10:28:03
It's how I view all the work we do in DNSOP - I was hoping it would be useful to others.

Elmar Bins - 2023-11-29 10:28:27
Someone will create a new DNSEXT group soon 🤣

Tim Wicinski - 2023-11-29 10:29:00
We've had DOH, DPRIVE, ADD, DNSSD

Tim Wicinski - 2023-11-29 10:29:14
I think we learned to focus the work

Shane Kerr - 2023-11-29 10:29:14
Maybe we need a new structure, where DNS work gets delegated through dnsop to other working groups....

Eric Vyncke - 2023-11-29 10:29:41
DNS_DISPATCH ?

Moritz Müller - 2023-11-29 10:29:51
https://www.ripe.net/ripe/mail/archives/dns-wg/2023-November/004105.html

Elmar Bins - 2023-11-29 10:30:14
Eric: DELEG

Shane Kerr - 2023-11-29 10:30:49
We can document it in the DNS itself, of course. Maybe we'll need a new type, like WG....

Tim Wicinski - 2023-11-29 10:31:52
or just put them all in TXT records.....

Elmar Bins - 2023-11-29 10:32:10
CH TXT, please

Petra Zeidler - 2023-11-29 10:32:45
from CHAOS, oder?

Petra Zeidler - 2023-11-29 10:32:50
orrrder

Andreas Wittkemper - 2023-11-29 10:33:03
😃

Tim Wicinski - 2023-11-29 10:36:22
I run "zonemaster --liman"

Niall O'Reilly - 2023-11-29 10:37:23
Liman: "Zonemaster is Jam-packed with opinions" — Oh, yes!

Niall O'Reilly - 2023-11-29 10:37:40
👏👏👏

Moritz Müller - 2023-11-29 10:37:43
Thanks all

Robert Kisteleki - 2023-11-29 10:38:01
The session ended. See you at RIPE88!